Changeset 1665
- Timestamp:
- 01/30/2007 07:40:34 AM (21 months ago)
- Location:
- branches/3.0/demos/quickstart/protected/pages
- Files:
-
- 2 modified
-
Advanced/Security.page (modified) (1 diff)
-
Controls/Standard.page (modified) (1 diff)
Legend:
- Unmodified
- Added
- Removed
-
branches/3.0/demos/quickstart/protected/pages/Advanced/Security.page
r1397 r1665 48 48 <li>An application can use SSL to create a secure communication channel and only pass the authentication cookie over an HTTPS connection. Attackers are thus unable to decipher the contents in the transferred cookies.</li> 49 49 <li>Expire sessions appropriately, including all cookies and session tokens, to reduce the likelihood of being attacked.</li> 50 <li>Prevent <a href="?page=Security.XSS">cross-site scripting (XSS)</a>which causes arbitrary code to run in a user's browser and expose his cookies.</li>50 <li>Prevent cross-site scripting (XSS) which causes arbitrary code to run in a user's browser and expose his cookies.</li> 51 51 <li>Validate cookie data and detect if they are altered.</li> 52 52 </ul> -
branches/3.0/demos/quickstart/protected/pages/Controls/Standard.page
r1397 r1665 101 101 102 102 <li> 103 <a href="?page=Controls.SafeHtml">TSafeHtml</a> displays its body content with assurance that the content contain no harmful code (such as <a href="?page= Security.XSS">XSS</a>).103 <a href="?page=Controls.SafeHtml">TSafeHtml</a> displays its body content with assurance that the content contain no harmful code (such as <a href="?page=Advanced.Security">XSS</a>). 104 104 </li> 105 105
